Preview

Features

Treats the cryptanalysis of the main variants of RSA as a major topic—one of the first books to do so

Collects all of the best known mathematical attacks on RSA and its variants, providing detailed proofs and justifications of these attacks

Includes the most recent results for lattice techniques based on Coppersmith’s methods

Differentiates between provable attacks and those based on assumptions

Summary

Thirty years after RSA was first publicized, it remains an active research area. Although several good surveys exist, they are either slightly outdated or only focus on one type of attack. Offering an updated look at this field, Cryptanalysis of RSA and Its Variants presents the best known mathematical attacks on RSA and its main variants, including CRT-RSA, multi-prime RSA, and multi-power RSA.

Divided into three parts, the book first introduces RSA and reviews the mathematical background needed for the majority of attacks described in the remainder of the text. It then brings together all of the most popular mathematical attacks on RSA and its variants. For each attack presented, the author includes a mathematical proof if possible or a mathematical justification for attacks that rely on assumptions. For the attacks that cannot be proven, he gives experimental evidence to illustrate their practical effectiveness.

Focusing on mathematical attacks that exploit the structure of RSA and specific parameter choices, this book provides an up-to-date collection of the most well-known attacks, along with details of the attacks. It facilitates an understanding of the cryptanalysis of public-key cryptosystems, applications of lattice basis reduction, and the security of RSA and its variants.

Table of Contents

PRELIMINARIES

The RSA Cryptosystem

Public-Key Cryptography

The RSA Cryptosystem

The Security of RSA

Efficiency of RSA

RSA Signature Scheme

Variants of RSA

Some Notation, Mathematics, and Techniques

Some Notation

Some Mathematics Results

Integer Factorization

Continued Fractions

Lattices

Solving Linear Equations

Coppersmith’s Methods

On Attacks and Proofs

CRYPTANALYSIS OF RSA

Some Early Attacks

Common Modulus Attack

Håstad’s Broadcast Attack

Cycling Attacks

Small Public Exponent Attacks

Stereotyped Message Attack

Related Message Attacks

Random Padding Attack

Leaking Information

Small Private Exponent Attacks

Wiener’s Continued Fraction Attack

Boneh and Durfee’s Lattice Attacks

Effectiveness of the Attacks

Partial Key Exposure Attacks

Factoring with a Hint

Partially Known Private Exponent: MSBs

Partially Known Private Exponent: LSBs

Partially Known Primes

Key Reconstruction with Random Errors

More Small Private Exponent Attacks

Common Modulus Attack

Common Private Exponent Attack

CRYPTANALYSIS OF VARIANTS OF RSA

CRT-RSA

CRT-RSA

Small CRT-Exponent Attacks

Partial Key Exposure Attacks

Key Reconstruction with Random Errors

Multi-Prime RSA

Multi-Prime RSA

Factoring the Modulus

Small Private Exponent Attacks

Partial Key Exposure Attacks

Common Modulus Attacks

CRT Attacks

Multi-Power RSA

Takagi’s Scheme

Factoring the Modulus

Small Private Exponent Attacks

Partial Key Exposure Attacks

Common Modulus Attack

Multi-Exponent RSA

Common Prime RSA

Common Prime RSA

Factoring the Modulus

Small Private Exponent Attacks

Small CRT-Exponent Attacks

Dual RSA

Dual RSA

Small Public Exponent

Small Private Exponent

Dual CRT-RSA

Efficiency and Comparison

Appendix A: Distribution of g = gcd(p – 1, q – 1)

Appendix B: Geometrically Progressive Matrices

Appendix C: Some AlgorithmsFurther Reading

Bibliography

Index

Additional Notes appear at the end of each chapter.

Author(s) Bio

M. Jason Hinek is an adjunct research fellow in the iCORE Information Security Lab at the University of Calgary. He earned his Ph.D. in computer science from the University of Waterloo, where his research focused on the security of variants of RSA.

Reviews

I enjoyed reading the book because the author is always caring about the different references that he used to write the text. This allows the reader to go further in his understanding of what is presented. … I was pleased by the way the author presented all the different attacks and variant of RSA. I would recommend this book for people who would like to know more about the RSA and more precisely about the difficulties of attacking this cryptosystem with mathematical techniques. … this book can be used as a base for building a complete course on RSAs cryptanalysis.—Antoine Rojat, SIGACT News, December 2011

I can honestly recommend this book. It is written straightforward and is therefore easy to read. Every step is explained and original sources are given, so if you want to look deeper into the background of a certain problem, you can easily do that. … a substantiated overview over the current state of cryptanalysis of RSA. …—IACR book reviews, January 2010